from the fool-me-once department
While we’ve covered the Internet of Broken Things for some time, where companies fail to secure the internet-connected devices they sell, the entire genre took something of a leap back in October of last year. It was then that Qiui, a Chinese company, was found to have sold a penis chastity lock that communicates with an API that was wide open and without any password protection. The end result is that users of a device that locks up their private parts could find those private parts locked entirely at the pleasure of malicious third parties. Qiui released a fix for the API … but didn’t do it for existing users, only for new devices. Why? Well, the company said extending it to existing devices would cause them all to crash again, with no exemptions available. Understandably, there wasn’t much interest in the company’s devices at this point.
But fear not, target market for penis chastity locks! Qiui says it is now totally safe to use the product again!
Now the European distributor of the chastity cage, which goes by the name CELLMATE, wants everyone to know that it is safe to use the device after the release of a new app, which they claim has fixed the vulnerabilities of the API used to control it.
“Our product and our brand (CELLMATE) received quite a bit of negative attention because of this post. Now you may think ‘negative publicity is also advertising’, but unfortunately it turned out to be completely different for the CELLMATE,” Dennis Jansen, who works for Desudo, a distributor of the CELLMATE device, told Motherboard in an email, referring to our first story on hacking. “This wrongly created the image that our product could be hacked, after which the wearer’s genitals would be permanently locked. Although such a situation was not even realistic at the time of publication (as you can read and see it here), this story unfairly scared current and potential users of our product. You will understand that it had absolutely no positive effect on attention and interest in using CELLMATE.”
A few points to note here. First, this whining about media coverage is about as tone-deaf as it could be. Second, while an emergency release accessible with a screwdriver may indeed exist, it seems not all users of the device are aware of it, given that at least one victim claims to have had to use bolt cutters, which left him bleeding. “It hurts,” he told Motherboard. Which, yeah.
But perhaps the most important part of this story is that anyone who actually wants to see the third-party penetration test for the API can go pound sand. Pen Test Partners, who initially discovered and reported the flaw, were also reportedly asked to assess the third-party penetration test. When asked if they would confirm that the device was now safe to use, company representatives shrugged.
The founder of Pen Test Partners, Ken Munro, and the researcher who audited CELLMATE, Alex Lomas, both confirmed to Motherboard that they had received the third-party review and that the document indicates that the problems are now resolved. But they also said they couldn’t confirm the results because they hadn’t audited the device, its app, and its API since last year.
“I don’t think I can comment further on whether or not the product is safe at this point, I think people hopefully have enough information to make up their own minds,” Lomas told Motherboard during an online chat.
Not exactly a ringing endorsement, obviously. The point is that the reputational cost to any company that allows this type of vulnerability does not normally leave it in a position to be trusted on these types of fixes. That lack of trust is probably amplified when people’s naughty parts are involved. What is really needed here, if companies and their distributors are to restore public trust, is transparency. Unfortunately, that doesn’t appear to be on offer.
Filed under: chastity lock, iot, security